External reviews
1,156 reviews
from
and
External reviews are not included in the AWS star rating for the product.
Automates SOC 2 & ISO 27001 Compliance with Real-Time Monitoring and Clear Dashboards
What do you like best about the product?
how it automates compliance tasks like SOC 2 and ISO 27001, saving a lot of manual effort.
It also gives real-time monitoring and clear dashboards, making audits much faster and less stressful.
It also gives real-time monitoring and clear dashboards, making audits much faster and less stressful.
What do you dislike about the product?
it can feel expensive, especially for small teams or startups.
Also, initial setup and integrations can be a bit complex and time-consuming if your systems aren’t already well organized.
Also, initial setup and integrations can be a bit complex and time-consuming if your systems aren’t already well organized.
What problems is the product solving and how is that benefiting you?
solves the problem of manual, time-consuming compliance work by automating evidence collection, monitoring controls, and audit preparation.
This benefits me by saving a lot of time, reducing human errors, and helping achieve certifications like SOC 2 much faster with less stress.
This benefits me by saving a lot of time, reducing human errors, and helping achieve certifications like SOC 2 much faster with less stress.
Drata is the gold-standard for compliance management with steadily improving AI functionality
What do you like best about the product?
Their monitoring dashboard is fantastic for identifying monitoring and compliance gaps, and their policy creation module is a game-changer for getting company policies created or updated.
What do you dislike about the product?
The way test failures are presented in the pure JSON test output can sometimes make it take an unnecessarily long time to figure out which resource is causing a compliance error. The AI-generated output for these failures has improved, but they could still benefit from better JSON parsing so that, even when the raw output is shown, the user only sees the failures.
What problems is the product solving and how is that benefiting you?
Drata makes managing certification testing and policy creation ridiculously easy. We used it to track the myriad of items necessary for a SOC-2 Type 2 audit, and it saved our company literally months of time and alot of money on contract workers.
Recommendations to others considering the product:
Make sure the infrastructure that will be evaluated by Drata is as up-to-date as possible, and provide a clear internal champion within the company to handle all Drata coordination and data entry.
Structured ISMS and ICS support with strong risk and vendor management
What do you like best about the product?
Structured support in the development of an ISMS and ICS, good risk and vendor management.
What do you dislike about the product?
Not all areas create documented information, so you are not 100% compliant with ISO27001.
What problems is the product solving and how is that benefiting you?
Creating a good ISMS structure, Drata supports enormously here!
Strong Framework Structure and Seamless Connections
What do you like best about the product?
Framework structure and connections with different sources for tests.
What do you dislike about the product?
Generic policy templates. Not many connectors available in comparison with other tools.
What problems is the product solving and how is that benefiting you?
Compliance roadmap. Fast deployment. Governance, audit readiness and view from customers.
Drata Keeps Us Continuously Audit-Ready with Hands-Off Evidence Collection
What do you like best about the product?
What I like about Drata is how it transforms compliance from a manual, point-in-time effort into a continuous, automated process. Its integrations with tools like cloud providers and identity systems make evidence collection largely hands-off. The dashboard is clear and accessible, giving both technical and non-technical stakeholders quick insight into compliance status. Overall, Drata makes it much easier to stay audit-ready without the usual operational burden, and it scales well as organizations grow.
What do you dislike about the product?
What I dislike about Drata is that the initial setup and configuration can be time-consuming and sometimes confusing, especially when mapping controls across multiple frameworks.The platform can also generate a high volume of alerts or tasks, which may create noise if not carefully tuned.
What problems is the product solving and how is that benefiting you?
Drata solves the problem of time-consuming, manual compliance processes by automating evidence collection, control monitoring, and audit preparation. Instead of scrambling to gather documentation at audit time, it keeps everything continuously up to date, which reduces stress and minimizes the risk of missing requirements. This benefits me by saving significant time, improving accuracy, and providing real-time visibility into our compliance posture. It also makes it easier to stay audit-ready year-round and focus more on higher-value work rather than repetitive administrative tasks.
DRATA’s Easy Interface and Rapid Updates with Lots of Features
What do you like best about the product?
The Interface and ease of use are two key things for me within DRATA along with the loads of features that are available. However, there is another aspect to it, which is the upgrades that are moved to the platform are quite quick and to the business needs.
What do you dislike about the product?
having access to more frameworks could be an option. limitation of connection that can be created if there are more than 2 apps used under same category.
What problems is the product solving and how is that benefiting you?
GRC and automation around it.
Clean, Intuitive, and Packed with the Key Features We Need
What do you like best about the product?
It's easy to use - clean, well-structured, and intuitive. It has all the key features we need without a lot of unnecessary junk to get in the way.
What do you dislike about the product?
I have few complaints about Drata. I do yearn to use it more heavily for our audit management needs, as well as expediting our security questionnaire processes. However, I see this as my own limitations in capacity to invest in understanding and building out those modules to make better use of the components that are already available.
What problems is the product solving and how is that benefiting you?
Drata manages the majority of our GRC needs. It supports tracking vendor records, policies, and audit-related processes.
Recommendations to others considering the product:
Think in terms of your user workflows and how those people will perform their jobs on a day-to-day basis. For me, the usability is a huge selling point, on top of having the full suite of necessary components (policy management, continuous monitoring, risk assessments, etc.)
Drata Streamlined Our Policy and Vendor Management for Audit Readiness
What do you like best about the product?
We’ve had an incredibly positive experience with Drata. Implementing their platform has been a game-changer for our organization, especially when it comes to getting our policies, procedures, and vendor management processes structured and audit-ready.
Before Drata, many of our compliance-related documents lived in different places, and maintaining consistency across policies was time-consuming. Drata gave us a centralized, intuitive system to build, organize, and maintain our policies and procedures. The pre-built templates and automated reminders helped ensure nothing fell through the cracks, and version control made updates seamless. What used to take weeks of coordination is now streamlined into a clear, trackable workflow.
Vendor management has also improved dramatically. Drata’s vendor tracking and risk management features give us a single source of truth for all third-party relationships. We can easily monitor due diligence documentation, review timelines, and risk classifications without relying on scattered spreadsheets. This has not only strengthened our compliance posture but also given leadership better visibility into vendor risk.
Before Drata, many of our compliance-related documents lived in different places, and maintaining consistency across policies was time-consuming. Drata gave us a centralized, intuitive system to build, organize, and maintain our policies and procedures. The pre-built templates and automated reminders helped ensure nothing fell through the cracks, and version control made updates seamless. What used to take weeks of coordination is now streamlined into a clear, trackable workflow.
Vendor management has also improved dramatically. Drata’s vendor tracking and risk management features give us a single source of truth for all third-party relationships. We can easily monitor due diligence documentation, review timelines, and risk classifications without relying on scattered spreadsheets. This has not only strengthened our compliance posture but also given leadership better visibility into vendor risk.
What do you dislike about the product?
Overall, our experience with Drata has been very positive, particularly around vendor management, and policy management. However, one area where we’ve felt some limitations is client management.
What problems is the product solving and how is that benefiting you?
On the policy and procedure side, Drata provides a centralized, structured system that makes it easy to create, organize, update, and track documentation. The built-in templates and automated workflows ensure that policies are not only well-documented but also consistently reviewed and acknowledged by the appropriate team members. Instead of chasing approvals or wondering whether a policy is current, we now have clear visibility into ownership, version control, and review cycles.
When it comes to vendor management, Drata gives us a single source of truth for all third-party relationships. We can track due diligence documentation, risk assessments, contract renewals, and ongoing monitoring requirements in one place. Automated reminders and continuous monitoring help ensure that no vendor falls through the cracks, significantly reducing risk and manual administrative effort.
When it comes to vendor management, Drata gives us a single source of truth for all third-party relationships. We can track due diligence documentation, risk assessments, contract renewals, and ongoing monitoring requirements in one place. Automated reminders and continuous monitoring help ensure that no vendor falls through the cracks, significantly reducing risk and manual administrative effort.
Efficient Security Management with Robust Automation
What do you like best about the product?
I really like the automation and integrations that Drata provides. They help me manage information security and privacy much more easily, especially since we have limited resources. Drata significantly reduces manual effort and provides easy, actionable insights into areas that need fixing. The initial setup was pretty straightforward, and I also appreciate its seamless integration with tools like GitHub, Heroku, and Google Workspace.
What do you dislike about the product?
There's a few bits of clunky user flow - e.g. when a control is marked as 'not ready' it's not always clear why it's not ready. It would be better if there was a clear button that showed a step-by-step guide on how to fix something.
What problems is the product solving and how is that benefiting you?
Drata makes security management easier with limited resources by simplifying evidence collection for audits and compliance. Its automation and integrations reduce manual effort significantly and provide actionable insights into areas needing fixes.
Good Control Mapping Across Different Frameworks
What do you like best about the product?
Good control mapping across different frameworks. Drata is easy to use and makes it simpler to manage certifications.
What do you dislike about the product?
Drata doesn’t support a Quality Management System. As a result, organizations with an ISO 9001 certificate can’t use the Drata Policy Management System as a single, central point for managing their policies.
What problems is the product solving and how is that benefiting you?
It helps us stay SOC 2, ISO 27001, and HIPAA certified with minimal effort.
showing 1 - 10